Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 959a35f1 authored by Jeff Moyer's avatar Jeff Moyer Committed by Jens Axboe
Browse files

blk-mq: fix dereference of rq->mq_ctx if allocation fails 



If __GFP_WAIT isn't set and we fail allocating, when we go
to drop the reference on the ctx, we will attempt to dereference
the NULL rq. Fix that.

Signed-off-by: default avatarJeff Moyer <jmoyer@redhat.com>
Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
parent e345d767

block/blk-mq.c

+8 −4
Original line number Diff line number Diff line
@@ -202,10 +202,12 @@ static struct request *blk_mq_alloc_request_pinned(struct request_queue *q, 
		if (rq) {

			blk_mq_rq_ctx_init(q, ctx, rq, rw);

			break;

		} else if (!(gfp & __GFP_WAIT))

			break;

		}



		blk_mq_put_ctx(ctx);

		if (!(gfp & __GFP_WAIT))

			break;



		__blk_mq_run_hw_queue(hctx);

		blk_mq_wait_for_tags(hctx->tags);

	} while (1);
@@ -222,6 +224,7 @@ struct request *blk_mq_alloc_request(struct request_queue *q, int rw, 
		return NULL;



	rq = blk_mq_alloc_request_pinned(q, rw, gfp, reserved);

	if (rq)

		blk_mq_put_ctx(rq->mq_ctx);

	return rq;

}
@@ -235,6 +238,7 @@ struct request *blk_mq_alloc_reserved_request(struct request_queue *q, int rw, 
		return NULL;



	rq = blk_mq_alloc_request_pinned(q, rw, gfp, true);

	if (rq)

		blk_mq_put_ctx(rq->mq_ctx);

	return rq;

}